

CA SiteMinder® and CA Security Compliance Manager

This section contains the following topics:

How CA SiteMinder® and CA Security Compliance Manager Integration Works

Generate the Compliance Reports

Display List of Available Compliance Reports Or Their Fields

How CA SiteMinder® and CA Security Compliance Manager Integration Works

CA SiteMinder® offers a command line tool, smcompliance, which creates compliance reports that you can manually import into CA Security Compliance Manager. The smcompliance tool generates the following types of reports by default:

Policies

Lists all of the policies stored in the CA SiteMinder® Policy Server from which the command was run.

User Directory

Lists all of the user directories in the policy store that is associated with the Policy Server.

User Resources

Lists the users, their respective user directories and any associated policies.

To export CA SiteMinder® compliance data to CA Security Compliance Manager, use the following process:

  1. (Optional) Update the configuration file for the compliance tool if you want to do any of the following:
  2. Generate the reports by running the compliance tool on the Policy Server.
  3. Send the generated reports to the CA Security Compliance Manager administrator in your organization.

Generate the Compliance Reports

The CA SiteMinder® compliance reports for CA Security Compliance Manager are generated with a command line tool. After the reports are generated, you must send them to the CA Security Compliance Manager administrator in your organization so they can be imported into CA Security Compliance Manager.

To generate the compliance reports

  1. Open a command line window on the machine which hosts the Policy Server.
  2. Run the smcompliance command with any of the following options:
    -dir directory_name

    Specifies the full path to an output directory where the generated reports will be saved. If this directory already exists, the tool renames the existing directory as a backup.

    Default: siteminder_home/compliance/output

    -conf configuration_file

    Specifies the full path to the configuration file that determines the content and format of the reports. The default configuration file has the content for CA Security Compliance Manager, but you can customize a configuration file to meet your needs.

    Default: siteminder_home/compliance/config

    -log log_file

    Specifies the full path to a log file.

    Default: siteminder_home/compliance/output

    -format format_type

    Specifies one of the following file types for the reports:

    • CSV (comma-separated value) file
    • XML file

    Default: csv

    The reports and log file are generated. The files are ready to send to the CA Security Compliance Manager administrator.

Display List of Available Compliance Reports Or Their Fields

The CA SiteMinder® compliance-report tool, smcompliance, can generate other types of reports in addition to those reports produced by default.

To display a list of available compliance reports

  1. Open a command prompt on the Policy Server.
  2. Enter the following command:
    smcompliance -help reports
    

    A list of report names appears.

  3. (Optional) To see what fields a report contains, enter the following command:
    smcompliance -generate report_name
    

    The report_name must match a name from the list in Step 2. For example, to see what fields the agents report contains, enter the following:

    smcompliance -generate agents

    A list of fields for the report appears in XML format. You can add the XML to a configuration file to produce a new report.

Add a New Compliance Report

You can generate other types of compliance reports by adding new reports to the configuration file used by the smcompliance tool.

To add a new compliance report

  1. Verify the name of the report you want to add by displaying a list of available compliance reports with the smcompliance tool.
  2. Display the fields of the report you want to add, then copy the XML-formatted text from the screen.
  3. Navigate to the following directory on the Policy Server.
    siteminder_home\compliance\config
    
  4. Open the default configuration file, compliance.conf, with a text editor.
  5. Save a copy of the default file using a different name.
  6. Copy an existing <report> section and paste it above the </reports> tag at the bottom of the configuration file.
  7. Remove the existing text between the <columns> tags.
  8. Add the text from Step 2 between the <columns> tags.
  9. Replace the value of the name attribute in the <report> tag with the name of the report from Step 1.
  10. Change the value of the name attribute in the <table> tag to describe the new report. The generated report file uses this name.
  11. Save your changes and close the new configuration file.

    The new report is added.

  12. Run the smcompliance command and specify the new configuration file.
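
The following Python script is an added example, not part of the CA SiteMinder® documentation or product. It performs steps 6 through 10 with an XML parser, so a truncated paste or a duplicate report name is caught before smcompliance runs. The sample configuration and field text are constructed; <reports> as the root element, the nesting of <table> and <columns>, and the <column> elements are assumptions to check against your own compliance.conf.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed stand-in for a copy of compliance.conf. Only tag and attribute
# names mentioned on this page are used; the nesting and the <column> children
# are assumptions to verify against the real file.
SAMPLE_CONF = """<reports>
  <report name="policies">
    <table name="Policies">
      <columns><column name="placeholder_policy_field"/></columns>
    </table>
  </report>
</reports>"""

# Constructed stand-in for the text printed by `smcompliance -generate agents`.
SAMPLE_FIELDS = """<column name="placeholder_agent_field_1"/>
<column name="placeholder_agent_field_2"/>"""


def add_report(conf_xml, report_name, table_name, fields_xml):
    """Return conf_xml with a new <report> added just above </reports>."""
    root = ET.fromstring(conf_xml)  # raises ParseError on malformed XML
    if root.tag != "reports":
        raise ValueError("expected <reports> as the root element")
    existing = root.findall("report")
    if not existing:
        raise ValueError("no <report> section to copy")
    if any(r.get("name") == report_name for r in existing):
        raise ValueError(f"report {report_name!r} is already defined")

    new = copy.deepcopy(existing[-1])          # step 6: copy an existing section
    columns, table = new.find(".//columns"), new.find(".//table")
    if columns is None or table is None:
        raise ValueError("copied <report> lacks <columns> or <table>")
    # Parse the pasted fields inside a wrapper so a truncated paste fails here.
    pasted = list(ET.fromstring(f"<wrap>{fields_xml}</wrap>"))
    if not pasted:
        raise ValueError("no field elements found in the pasted text")
    for child in list(columns):                # step 7: remove the old fields
        columns.remove(child)
    columns.extend(pasted)                     # step 8: add the new fields
    new.set("name", report_name)               # step 9
    table.set("name", table_name)              # step 10
    root.append(new)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_report(SAMPLE_CONF, "agents", "Agents", SAMPLE_FIELDS))
```

Write the returned text to the renamed copy of the file, not to compliance.conf itself, and pass that copy to smcompliance with the -conf option.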

Change the Content of the Existing Compliance Reports

The reports generated by the default configuration file provide the typical compliance information that CA Security Compliance Manager needs. If your organization has different needs, you can create your own custom configuration file to generate reports with the information you want.

  1. Navigate to the following directory on the Policy Server.
    siteminder_home\compliance\config
    
  2. Open the default configuration file, compliance.conf, with a text editor.
  3. Save a copy of the default file using a different name.
  4. Make any of the following changes to the new copy of the configuration file: